Formal Presentations

“The [Encrypted] Elephant in the Room”

There is no arguing that the Internet is becoming both more widely and heavily encrypted. This has drastically changed (read: decreased) what traffic network forensicators and defenders can see and therefore use to perform their jobs. However, all hope is not lost. In this talk, we will first briefly explore some of what got us to this point, but more extensively discuss the current state of network traffic analysis in general and what we as an industry can do to overcome it. We will talk about legal, architectural, and technical means of maintaining meaningful visibility in a typical network environment, as well as how our analytic procedures can keep pace with the broader Internet trends.

The road ahead is still full of terabytes of NetFlow, logs, and yes – even full-packet-captures of network traffic. Encryption will remain a constantly evolving technology, meaning security professionals must also stay nimble in the face of this perpetual change.

UPCOMING! Keynote Address at SANS St. Louis: March 11, 2019; St. Louis, MO

Join the SANS DFIR Faculty as they discuss some of the latest developments in the field of digital forensics and incident response. A rotating cast of instructors will take the stage, discussing some of the latest developments and hot item issues in their respective domains, from Windows and Smartphone forensics, to Network and Endpoint Incident Response, and more.

As every security professional knows, travel can be even more stressful when you’re carrying multiple laptops, evidence drives, mobile devices, connection cables, and the like. Whether traveling domestically or internationally, your private data and that of your clients is arguably at the greatest risk when transiting customs or other airport screening points. You must realistically consider whether you would give up encryption passwords or forfeit your hardware at a border crossing, for example.

Now, consider how people within your organization would deal with the same challenges. How should you equip them for international and domestic travel without creating an imposition on their busy schedules? How can you keep up with delivering information to traveling staff? What advice do you give them regarding foreign (or domestic) customs agents demanding passwords and data access? What sort of knowledge do you want to develop about attempts to access your information assets while your staff travels?

This talk will cover various practical ways we can protect electronic interests in various common situations for you and your organization. We’ll cover both preventive measures as well as mechanisms to detect that your gear has been fiddled with while outside your immediate control. Measures for various operating systems will be addressed, while considering how to maintain practical paranoia but without drawing attention to oneself.

One discipline is not enough to solve investigations relating to digital evidence. In this Keynote, Phil will expand on scenarios where multiple skills are needed to hunt and uncover evidence. Network Forensics, Memory Forensics, Malware detection, Malware analysis and Data Synchronization between smartphones, Mac and Windows computers may change the way you need to look at your evidence. Simply having tunnel vision in your field will limit your success! A change in your approach may change your success rate when examining digital media.

Keynote Address at SANS Seattle: April 23, 2018; Bellevue, WA

October 18, 2018; Hong Kong

October 19, 2019; Taipei

“What’s New in FOR572”: All SANS courses are updated regularly to ensure they include the latest investigative tools, techniques, and procedures, as well as reflect trends in attacker methodologies. In this webcast, Phil Hagen will discuss the latest updates in the course, as well as some exciting developments in the OnDemand delivery for the course. We’ll also discuss the corresponding Network Forensics poster, which was released coincident with the new course version.

SANS Webcast: April 10, 2018; Online (Archived version available at link)

“The Tap House”: This is a series of talks that focus on new and emerging topics in the Network Forensics arena. No two talks will be quite the same, so feel free to stop in and see what’s new if you’re attending a SANS or other event where we’re holding one.

Packets move pretty fast. The field of Network Forensics needs to move fast, too. Whether you are investigating a known incident, hunting unidentified adversaries in your environment, or enriching forensic findings from disk- and memory-based examinations, it’s critical to stay abreast of the latest developments in the discipline.

In this SANS @Night series, Phil Hagen will discuss some of the latest technologies, techniques, and tools that you will want to know in pursuit of forensication nirvana.

Phil is also an avid craft beer fan, so there’s a good chance you will learn something about a new notable national or interesting local beer in the process.

This presentation will be helpful for those that wish to keep up-to-date on the most cutting-edge facets of Network Forensics.

SANS @Night (SANS DFIR Summit 2018): June 10, 2018; Austin, TX

About Us

Lewes Technology Consulting focuses on the IT strategy and security needs of small and medium businesses and nonprofit organizations.
We are based in Lewes, Delaware, and support both local and national clients.